packet: fix tp_reserve race in packet_set_ring

author Willem de Bruijn <willemb@google.com>

Thu, 10 Aug 2017 16:41:58 +0000 (12:41 -0400)

committer Seung-Woo Kim <sw0312.kim@samsung.com>

Thu, 12 Oct 2017 10:00:11 +0000 (19:00 +0900)
author Willem de Bruijn <willemb@google.com>
Thu, 10 Aug 2017 16:41:58 +0000 (12:41 -0400)
committer Seung-Woo Kim <sw0312.kim@samsung.com>
Thu, 12 Oct 2017 10:00:11 +0000 (19:00 +0900)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c

index 22f2a3d..870115a 100644 (file)
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -3176,14 +3176,19 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
  
                 if (optlen != sizeof(val))
                         return -EINVAL;
-               if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
-                       return -EBUSY;
                 if (copy_from_user(&val, optval, sizeof(val)))
                         return -EFAULT;
                 if (val > INT_MAX)
                         return -EINVAL;
-               po->tp_reserve = val;
-               return 0;
+               lock_sock(sk);
+               if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) {
+                       ret = -EBUSY;
+               } else {
+                       po->tp_reserve = val;
+                       ret = 0;
+               }
+               release_sock(sk);
+               return ret;
         }
         case PACKET_LOSS:
         {
author	Willem de Bruijn <willemb@google.com>
	Thu, 10 Aug 2017 16:41:58 +0000 (12:41 -0400)
committer	Seung-Woo Kim <sw0312.kim@samsung.com>
	Thu, 12 Oct 2017 10:00:11 +0000 (19:00 +0900)